As the title says, I’m wondering whether it is safe to store weapons needed by LocalScripts in ReplicatedStorage or if exploiters can freely equip them?
Since hackers can fire remote events on replicatedstorage, Yes, they can just grab it and use as they wish
whatever to counter this behavior i would simply script something like this:
local function EquipWeapon()
--- Stuff here
-- if the player has a verification of the server saying that he can equip it, then you equip, else just ignore
end)
RemoteEventhere.OnServerEvent:Connect(function() -- for example
--when they equip something, the server checks if the player apparently has ( in a legit way ) the weapon
if yes then
EquipWeapon()
--if not then just return
end)
And btw, don’t store Tool + scripts in ReplicatedStorage, put them in [ServerStorage]
Hackers can grab stuff in ReplicatedStorage, but ServerStorage they can’t
Just place a Placeholder of a Tool, just to “Look”
No scripts
Nothing functional
In ServerStorage you will put the REAL Tool
so you will have no issues with hackers picking up all stuff in RS and trying to be smart
if you store the tool using localscript on ReplicatedStorage, then it only work on client side only. if there is any server script inside the tool, it will also won’t work on client because server ReplicatedStorage is separated from client replicated Storage. So, it should be safe if we store the tool inside the replicated storage because server script won’t replicate to client ReplicatedStorage. I personally prefer to store it inside ServerStorage. Anyone can correct me if i’m wrong. I don’t know how to explain well. Can anyone explain in a better manner please.
To add on, you could put the actual tools that are used in the game in ServerStorage and don’t use ReplicatedStorage at all. Then, you can put some dummy tools in ReplicatedStorage that serve as a honeypot; anyone who uses tools from ReplicatedStorage will be detected as an exploiter.
1 Like
ReplicatedStorage Can Be Accessed By Client So Exploiter Can Easily Grab Your Tool
Maybe you could put a tool in replicated storage where if they equip it. They get banned! Hahaha! And put the real tools in server storage. 
It should be safe in the sense that an exploiter wouldn’t be able to do anything to other players with the tools in ReplicatedStorage. As others have pointed out, they can easily access these tools. I would always suggest putting them into ServerStorage. However, I can imagine some situations where it’s simply more convenient to bunch everything up in a single area both the server and client can access.
1 Like
Yes you are wrong because ReplicatedStorage is same for both client and server. Client can’t access ServerStorage because it does not get replicated to the client.
Then, why if we change something on ReplicatedStorage through client, it won’t replicate on server. That mean they are two separate entity. That’s what i’m trying to say.
Me personally I store tools and all that kind of stuff in game.ServerStorage so that only the server can access it.
That’s the whole purpose of Filtering Enabled lol. In almost all cases changes should be only replicateable from Server → Client.
so, if i clone the tool which contain server script on ReplicatedStorage through ServerScript, then
on client i get the tool through exploit, will that server script also work.
Unfortunely i’m not an exploiter or even have time to test. so, if you can clarify this, that would be useful ?
If you rely on player having equipped tool then it’s bad design of your system. You must give players “reward” based on server not client.
no, ofcourse not, it just as a example
it doesn’t even working if we have server script also.
(so i read somewhere before long time ago saying that client have their own ReplicatedStorage, the server also have their own ReplicatedStorage. Also it is from trusted people i believe, but forgot where to find it )
this is out of my expertise. im out of here
bye 
Exploiters can see what’s inside the ReplicatedStorage but if they clone the tool to their inventory they will not be able to use it.
Not quite, he incorrectly explained the ReplicatedStorage stuff but the server scripts not working inside the tool is correct, as that tool doesn’t even exist on the server, since the exploiter copied it from the client-side.
@The_flyingMan716 it won’t due to the reason I’ve stated above
1 Like
Well yes and no, they can see it and add it to their backpack or inventory but I don’t think they can actually use it unless your games remote security is uh not the best.